ITHappens Cybersecurity Series: Safeguarding Smart City IoT ecosystems

This article is based on a recent paper, written by Dylan Dreyer Varsics, Jelle Habraken, Sebastiaan Muijs and Xander Hendricks. This group researched how IoT ecosystems within smart cities could be enhanced to be more resilient against cyber-attacks.

Introduction to IoT cybersecurity within Smart cities

In the rapidly evolving landscape of urban development, the concept of smart cities has surfaced as a transformative force, leveraging modern technology to enhance efficiency, sustainability, and overall quality of life. However, this paradigm shift comes with a caveat, namely the vulnerability of interconnected smart city systems to cyber threats. As cities embrace technologies like the Internet of Things (IoT), the need for robust cybersecurity becomes paramount (Vitunskaite et al., 2019).

A single vulnerability in the smart city infrastructure can unravel the entire fabric of security, functionality, and privacy (Kitchin & Dodgeb, 2019). To exemplify the potential ramifications, the ransomware incident in Atlanta serves as a strong reminder. Cybercriminals exploited vulnerabilities, disrupting vital functions, demanding a ransom, and leaving the city to recover independently, incurring substantial financial and reputational costs (Young, 2021). Bridging the knowledge gap in understanding the interplay between technology and human factors is imperative for crafting effective cybersecurity strategies, and ensuring the long-term security and resilience of these smart city ecosystems.

Cybersecurity Challenges in Smart Cities

As smart cities progress, so do the risks associated with their digital ecosystems. While IoT solutions have streamlined traditional urban challenges, they simultaneously create potential vulnerabilities, where a single exploit could compromise an entire city’s security and privacy.

Examining real-world scenarios, the ransomware incident in Atlanta serves as a strong reminder of the vulnerabilities smart cities face. Cybercriminals exploited the city’s networks using brute-force techniques, deploying the SamSam ransomware. The aftermath disrupted critical government functions, costing the city nearly $17 million in recovery expenses and exposing significant weaknesses in its cyber infrastructure. Research on cybersecurity threats to IoT infrastructure in smart cities often lacks specificity, necessitating a focus on both positive and negative effects of technology and human factors to enhance cyber resilience.

Navigating Vulnerabilities in Smart Cities IoT ecosystems

While smart cities promise urban evolution, they are not immune to potential risks. In the realm of e-governance, the convenience offered by smart cities exposes citizens to threats, including the compromise of personal data and vulnerabilities in e-governance services. Cities keep adding connected IoT devices to develop their infrastructure further and meet the needs of government, citizens, and businesses (ChuanTao, et al., 2015). In smart cities, government becomes more efficient: it is easier for citizens to access official documents and policies, public services work efficiently, and emergencies are responded to effectively. For businesses, logistics and supply chains will improve, and marketing methods will offer more possibilities. Lastly, the environment will be more sustainable, economical, and secure (ChuanTao, et al., 2015). However, the infrastructure of smart cities will be dependent on the internet and network, which malicious actors can cripple. Some dominant domains within smart cities are at risk. For example, traffic management or surveillance camera systems may be targets for malicious attackers. Within water management, erroneous data could lead to water shortages. Within waste management, breaches could lead to the release of untreated sewage, or denial-of-service attacks could disrupt waste collection (Kitchin & Dodgeb, 2019).

Dominant Factors Contributing to Security and Privacy Concerns

In the landscape of smart cities, security and privacy concerns loom large, with certain factors emerging as predominant challenges. The following dominant factors arise as security and privacy issues.

  1. People and practices: Human behaviour plays a pivotal role in smart city security. Research indicates that a substantial percentage (80-90%) of data breaches result from employee mistakes (Chamorro-Premuzic, 2023).
  2. Network flaws: The importance of robust smart city networks cannot be overstated. Vulnerabilities arise from misconfigurations, dynamic routing practices, and the presence of rogue DHCP servers (Adil & Khurram Khan, 2021). Recognizing these network flaws is paramount for fortifying the security of smart city infrastructure.
  3. Vulnerable operating systems: Certain operating systems, such as Windows, are susceptible to security breaches. Recognizing the susceptibility of certain operating systems is essential for safeguarding smart city assets (Kitchin & Dodgeb, 2019).
  4. Outdated hashing algorithms: Using outdated algorithms like MD5, once popular for its speed, poses security risks in smart cities (Sumagita & Riadi, 2018). Recognizing the need to migrate away from MD5 is crucial for enhancing smart city security.

The Role of Risk Management in Smart City Cybersecurity

As smart cities grapple with these challenges, risk management emerges as a crucial player. Utilizing both human-centric and technology-centric approaches for risk mitigation is crucial to ensure cyber-resilient smart cities (Carter et al., 2021).

Human-centric Approaches to Risk Mitigation

Smart city cybersecurity extends beyond technological fortifications; it necessitates a human-centric approach. Training programs, effective delivery methods, and security awareness campaigns become essential components in building a cyber-resilient community.

  1. Risk management: A well-developed risk management plan, exemplified by the NIST Cybersecurity Framework, proves indispensable in IoT-enabled component development; identifying assets, threats, and vulnerabilities is key for IoT-enabled components (Din, Jambari, Yusof, & Yahaya, 2019).
  2. Effective training: Addressing the role of human error in cyber incidents through hands-on experiences, training scenarios, and team-based exercises is crucial, since numerous incidents are caused by employees lacking the knowledge and preparedness to detect and prevent cyberattacks (Chowdhury & Gkioulos, 2021).
  3. Security awareness: Fostering a culture of security awareness through effective campaigns based on the hammer theory, incentivizing end-users, minimizing user-related security threats, and enhancing security efficiency is crucial for the overall security of a smart city domain (Hughes-Lartey, Li, Botchey, & Qin, 2021).

Technology-centric Approaches to Risk Mitigation

Safeguarding against cyber threats necessitates a multifaceted approach. Besides focussing on human-centric approaches, it is key to combine this with technology-centric approaches to reduce cyber risk within smart cities.

  1. Network security & operating systems practices: Deploying intrusion detection systems ensures continuous monitoring and rapid response to cybersecurity threats. This approach, coupled with proactive measures like patching and upgrading using vulnerability assessment tools, strengthens the overall security of smart city systems. Integrating blockchain technology further improves data integrity and access control, offering robust protection against cyberattacks on IoT networks and critical industries (Jannat et al., 2020).
  2. Intrusion detection and countermeasures: Protecting network-based applications in smart cities requires robust intrusion detection and countermeasure solutions. These technologies play a pivotal role in identifying and responding to unauthorized access or malicious activity. By incorporating threat intelligence sensing, smart cities can significantly improve cybersecurity by enabling early threat detection, preventative defensive strategies, and well-informed decision-making (Jannat et al., 2020).
  3. Password security: Strengthening IoT network security starts with robust password practices. Utilizing strong, regularly changed passwords, employing hash functions for secure storage, and prioritizing user education and awareness are essential measures (Lv, Qiao, Kumar Singh, & Wang, 2021).
  4. Encryption methods: Encryption plays a pivotal role in preserving privacy, with homomorphic encryption offering a promising solution. Somewhat Homomorphic Encryption (SwHE) proves efficient in applications such as medical and financial fields, allowing the modification of encrypted data without decryption, and enhancing data security in the cloud (Khatoun & Zeadally, 2017).
  5. Monitoring for cybersecurity threats: Implementing a multi-layered security system that continuously monitors IoT networks is imperative. AI algorithms, including machine learning and deep learning, can detect and prevent cyberattacks against smart infrastructure in real-time (Lv, Qiao, Kumar Singh, & Wang, 2021). The monitoring aspect of the security system involves continuously monitoring the traffic of the internal devices on the whitelist, modelling based on the security threats existing in the ontology, and taking corresponding security measures according to the monitoring and modelling results (Lv, Qiao, Kumar Singh, & Wang, 2021).
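
The migration away from MD5 named under outdated hashing algorithms, and the hashed password storage named under password security, sketched as an added example (not code from the paper or this article). The record format, account names, passwords and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune to the hardware
NEW_SCHEME = "pbkdf2_sha256"


def legacy_md5(password):
    """Legacy record: unsalted MD5. Kept only so old records can still be verified."""
    return "md5$" + hashlib.md5(password.encode()).hexdigest()


def hash_password(password):
    """New record: pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>, random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{NEW_SCHEME}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(record, password):
    """Check a password against either record format; unknown formats fail closed."""
    scheme, _, rest = record.partition("$")
    if scheme == "md5":
        return hmac.compare_digest(record, legacy_md5(password))
    parts = rest.split("$")
    if scheme != NEW_SCHEME or len(parts) != 3:
        return False
    iterations, salt_hex, digest_hex = parts
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def login(store, user, password):
    """Verify a login and upgrade a legacy MD5 record while the password is at hand."""
    record = store.get(user)
    if record is None or not verify(record, password):
        return False
    if not record.startswith(NEW_SCHEME + "$"):
        store[user] = hash_password(password)
    return True


if __name__ == "__main__":
    # Constructed sample store: two devices sharing one password, as legacy MD5 records.
    store = {"gateway-01": legacy_md5("Tr4ffic!Light"),
             "gateway-02": legacy_md5("Tr4ffic!Light")}
    print("identical records before:", store["gateway-01"] == store["gateway-02"])
    login(store, "gateway-01", "Tr4ffic!Light")
    login(store, "gateway-02", "Tr4ffic!Light")
    print("identical records after: ", store["gateway-01"] == store["gateway-02"])
```

Accounts that never log in keep their MD5 record, so a real migration also needs a cut-off date after which remaining legacy records are forced through a password reset.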

Discussion & Conclusion

The evolution of smart cities, while transformative, brings significant challenges, notably the vulnerability of interconnected systems to cyber threats. The ransomware incident in Atlanta serves as an illustration of the potential consequences, emphasizing the urgency of addressing cybersecurity in smart city development. Bridging the knowledge gap between technology and human factors is crucial for building effective cybersecurity strategies. Incorporating both human and technology-centric approaches is critical for fortifying smart cities. By navigating vulnerabilities, understanding dominant factors, and implementing proactive measures, smart cities can aspire to a future that is not only technologically advanced but also resilient and secure, so that citizens can fully utilize their benefits.


Adil, M., & Khurram Khan, M. (2021). Emerging IoT Applications in Sustainable Smart Cities for COVID-19: Network Security and Data Preservation Challenges with Future Directions. Sustainable Cities and Society

Chamorro-Premuzic, T. (2023, May). Human Error Drives Most Cyber Incidents. Could AI Help? Retrieved October 2023, from Harvard Business Review:

Chowdhury, N., & Gkioulos, V. (2021). Cyber security training for critical infrastructure protection: A literature review. Computer Science Review

ChuanTao, Y., Zhang, X., Hui, C., JingYuan, W., Cooper, D., & Bertrand, D. (2015). A literature survey on smart cities. Science China-Information Sciences

Din, Z., Jambari, D. I., Yusof, M. M., & Yahaya, J. (2019). Challenges in Managing Information Systems Security for Internet of Things-enabled Smart Cities. IEEE

Hughes-Lartey, K., Li, M., Botchey, F. E., & Qin, Z. (2021, March). Human factor, a critical weak point in the information security of an organization’s Internet of things. Heliyon. doi:

Jannat, A., Ilyas, A., Saeed, T., Iftikhar, A., Zahra, A., & Jafri, A. R. (2020). Exploration of Solutions for Smart Cities: Challenges in Privacy and Security. International Multitopic Conference. doi:10.1109/INMIC50486.2020.9318070

Kitchin, R., & Dodgeb, M. (2019). The (In)Security of Smart Cities: Vulnerabilities, Risks, Mitigation, and Prevention. Journal of Urban Technology VOL 26, pp. 47-65.

Sumagita, M., & Riadi, I. (2018). Analysis of Secure Hash Algorithm (SHA) 512 for Encryption Process on Web Based Application. International Journal of Cyber-Security and Digital Forensics, pp. 373-381.
